[IMP] auth_crypt: auto-install, improve description, bump version
The compatibility issue with auth_ldap has been fixed and the default key derivation function switched to PBKDF2+SHA512. `auth_signup` provides a password reset mechanism that can be used in combination with `auth_crypt`.
parent 131d4c97c2
commit 5388eee321
|
@ -1,8 +1,8 @@
|
||||||
# -*- encoding: utf-8 -*-
|
# -*- encoding: utf-8 -*-
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#
|
#
|
||||||
# OpenERP, Open Source Management Solution
|
# Odoo, Open Source Management Solution
|
||||||
# Copyright (C) 2004-2009 Tiny SPRL (<http://tiny.be>).
|
# Copyright (C) 2004-2014 OpenERP S.A. (<http://odoo.com>).
|
||||||
#
|
#
|
||||||
# This program is free software: you can redistribute it and/or modify
|
# This program is free software: you can redistribute it and/or modify
|
||||||
# it under the terms of the GNU Affero General Public License as
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
@ -20,23 +20,41 @@
|
||||||
##############################################################################
|
##############################################################################
|
||||||
{
|
{
|
||||||
'name': 'Password Encryption',
|
'name': 'Password Encryption',
|
||||||
'version': '1.1',
|
'version': '2.0',
|
||||||
'author': ['OpenERP SA', 'FS3'],
|
'author': ['OpenERP SA', 'FS3'],
|
||||||
'maintainer': 'OpenERP SA',
|
'maintainer': 'OpenERP SA',
|
||||||
'website': 'https://www.odoo.com',
|
'website': 'https://www.odoo.com',
|
||||||
'category': 'Tools',
|
'category': 'Tools',
|
||||||
'description': """
|
'description': """
|
||||||
Ecrypted passwords
|
Encrypted passwords
|
||||||
==================
|
===================
|
||||||
|
|
||||||
|
Replaces the default password storage with a strong cryptographic
|
||||||
|
hash.
|
||||||
|
|
||||||
|
The key derivation function currently used is RSA Security LLC's
|
||||||
|
industry-standard ``PKDF2``, in combination with ``SHA512``.
|
||||||
|
This includes salting and key stretching with several thousands
|
||||||
|
rounds.
|
||||||
|
|
||||||
|
All passwords are encrypted as soon as the module is installed.
|
||||||
|
This may take a few minutes if there are thousands of users.
|
||||||
|
|
||||||
|
Past versions of encrypted passwords will be automatically upgraded
|
||||||
|
to the current scheme whenever a user authenticates
|
||||||
|
(``auth_crypt`` was previously using the weaker ``md5crypt`` key
|
||||||
|
derivation function).
|
||||||
|
|
||||||
|
Note: Installing this module permanently prevents user password
|
||||||
|
recovery and cannot be undone. It is thus recommended to enable
|
||||||
|
some password reset mechanism for users, such as the one provided
|
||||||
|
by the ``auth_signup`` module (signup for new users does not
|
||||||
|
necessarily have to be enabled).
|
||||||
|
|
||||||
Interaction with LDAP authentication:
|
|
||||||
-------------------------------------
|
|
||||||
This module is currently not compatible with the ``user_ldap`` module and
|
|
||||||
will disable LDAP authentication completely if installed at the same time.
|
|
||||||
""",
|
""",
|
||||||
'depends': ['base'],
|
'depends': ['base'],
|
||||||
'data': [],
|
'data': [],
|
||||||
'auto_install': False,
|
'auto_install': True,
|
||||||
'installable': True,
|
'installable': True,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
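Review bot: `'auto_install': True` together with `'depends': ['base']` installs this module on every database without an administrator selecting it, while the new description says installation "permanently prevents user password recovery and cannot be undone" and converts all passwords at install time. The description should state that the module is now auto-installed, so that the advice to enable a reset mechanism such as ``auth_signup`` reaches administrators who never chose the module. In the description text, ``PKDF2`` should read ``PBKDF2``, "several thousands rounds" would be clearer as the actual iteration count, and "encrypted" is used for what the first paragraph correctly calls a hash. The LDAP section is removed in line with the commit message, but the compatibility fix itself is not part of this diff, and the removed text names ``user_ldap`` where the commit message names `auth_ldap`; it is worth confirming both refer to the same module.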